IoTFuzzBench: A Pragmatic Benchmarking Framework for Evaluating IoT Black-Box Protocol Fuzzers-Reference-Cited by-同舟云学术

IoTFuzzBench: A Pragmatic Benchmarking Framework for Evaluating IoT Black-Box Protocol Fuzzers

Published:2023-07-09 Issue:14 Volume:12 Page:3010
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Cheng Yixuan¹²,Chen Wenxin¹²,Fan Wenqing¹²,Huang Wei¹²,Yu Gaoqing¹²,Liu Wen¹²

Affiliation:

1. State Key Laboratory of Media Convergence and Communication, Communication University of China, Beijing 100024, China

2. School of Computer and Cyber Sciences, Communication University of China, Beijing 100024, China

Abstract

High scalability and low operating cost make black-box protocol fuzzing a vital tool for discovering vulnerabilities in the firmware of IoT smart devices. However, it is still challenging to compare black-box protocol fuzzers due to the lack of unified benchmark firmware images, complete fuzzing mutation seeds, comprehensive performance metrics, and a standardized evaluation framework. In this paper, we design and implement IoTFuzzBench, a scalable, modular, metric-driven automation framework for evaluating black-box protocol fuzzers for IoT smart devices comprehensively and quantitatively. Specifically, IoTFuzzBench has so far included 14 real-world benchmark firmware images, 30 verified real-world benchmark vulnerabilities, complete fuzzing seeds for each vulnerability, 7 popular fuzzers, and 5 categories of complementary performance metrics. We deployed IoTFuzzBench and evaluated 7 popular black-box protocol fuzzers on all benchmark firmware images and benchmark vulnerabilities. The experimental results show that IoTFuzzBench can not only provide fast, reliable, and reproducible experiments, but also effectively evaluate the ability of each fuzzer to find vulnerabilities and the differential performance on different performance metrics. The fuzzers found a total of 13 vulnerabilities out of 30. None of these fuzzers can outperform the others on all metrics. This result demonstrates the importance of comprehensive metrics. We hope our findings ease the burden of fuzzing evaluation in IoT scenarios, advancing more pragmatic and reproducible fuzzer benchmarking efforts.

Funder

major project of Science and Technology Innovation 2030, “The next generation of Artificial Intelligence”

Fundamental Research Funds for the Central Universities

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/14/3010/pdf

Reference45 articles.

1. Internet of Things for the Future of Smart Agriculture: A Comprehensive Survey of Emerging Technologies;Friha;IEEE/CAA J. Autom. Sin.,2021

2. Redini, N., Continella, A., Das, D., Pasquale, G.D., Spahn, N., Machiry, A., Bianchi, A., Kruegel, C., and Vigna, G. (2021, January 24–27). Diane: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices. Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.

3. (2023, June 18). Number of Internet of Things (IoT) Connected Devices Worldwide from 2019 to 2021, with Forecasts from 2022 to 2030. Available online: https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/.

4. (2023, June 18). Travel Routers, NAS Devices among Easily Hacked IoT Devices. Available online: https://threatpost.com/travel-routers-nas-devices-among-easily-hacked-iot-devices/124877/.

5. (2023, June 18). Lack of IoT Security Could Undermine Growth. Available online: https://www.rsaconference.com/library/blog/lack-of-iot-security-could-undermine-growth.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Reproducibility of Firmware Analysis: An Empirical Study;Lecture Notes in Business Information Processing;2024

2. Enabling a Secure IoT Environment Using a Blockchain-Based Local-Global Consensus Manager;Electronics;2023-09-03